Hi dear mender community,
I’m trying to move a device from one self-hosted mender server to a different one and I’m using the
mender-auth bootstrap command for that.
I’m having some trouble and was hoping one of you could comment on that.
This is the error I’m facing:
admin@myMenderDevice~ $ sudo mender-auth bootstrap
record_id=1 severity=info time="2025-Jan-16 06:45:11.632907" name="Global" msg="Successfully loaded private key from /var/lib/mender/mender-agent.pem"
using interface /sys/class/net/eth0
record_id=2 severity=info time="2025-Jan-16 06:45:11.774078" name="Global" msg="Signing with: /var/lib/mender/mender-agent.pem"
record_id=3 severity=error time="2025-Jan-16 06:45:11.863050" name="http_client" url="https://myMender2.com/api/devices/v1/authentication/auth_requests" msg="https: Failed to perform the SSL handshake: certificate verify failed (SSL routines)"
record_id=4 severity=info time="2025-Jan-16 06:45:11.863817" name="Global" msg="Authentication error trying server 'https://myMender2.com': certificate verify failed (SSL routines): POST https://myMender2.com/api/devices/v1/authentication/auth_requests: "
record_id=5 severity=info time="2025-Jan-16 06:45:11.864097" name="Global" msg="Got Auth response"
record_id=6 severity=error time="2025-Jan-16 06:45:11.864208" name="Global" msg="Authentication error: No more servers to try for authentication"
So basically it can’t verify the cert for my mender server.
But curl for example is working:
admin@myMenderDevice~ $ curl -o /dev/null -s -w "%{http_code}\n" https://myMender2.com/ui/devices
200
I’m sure the cert, full chain and CA is in the store. What I was thinking is maybe mender-auth uses a different store where it looks up certificates?
Interestingly for my old server I didn’t need to put my cert anywhere else except for /usr/share/ca-certificates. I’m wondering why that’s the case now or if my method of switching the mender server is wrong?
Thanks for taking a look and happy new year to all 